The rapid development of computer technologies in recent years and the widespread popularity of various computing devices (e.g., personal computers, notebooks, tablets, smartphones, and the like) have been a powerful stimulus to the use of these devices in various spheres of activity and for a huge number of tasks (e.g., from the processing and storing of personal photographs to bank transfers and electronic document circulation). In conjunction with the growth in the number of computing devices and the software operating on these devices, the number of malicious programs has also grown at a significant rate.
Currently, there are a vast number of varieties of malicious applications, the overwhelming majority of which are designed to profit their designers. Some of the malicious applications steal personal and confidential data from the devices of users, including, for example, logins and passwords, banking information, electronic documents, and so on. Other malicious programs form so-called “botnets” from user devices for attacks (such as DDoS or brute-force) on other computers or computer networks. Still other malicious programs provide users with paid content through intrusive advertising, paid subscriptions, the sending of SMS messages to premium-rate numbers, and so on.
One particularly troublesome variety of malicious programs is ransom programs, or ransomware. Once these types of programs are installed on user devices, they disrupt the device's functionality, for example, by blocking the data entry devices, damaging data, limiting access to interface elements, and the like. Afterwards, the programs demand payment for eliminating the negative consequences of their operation. The most dangerous of the ransom programs are cryptors, whose malicious activity includes damaging data of value to the user (e.g., databases, Microsoft Office® documents, photographs, video clips, and the like). The data is damaged when the program encrypts, renames, or hides files.
Since not only the confidentiality of data but also its integrity is often of great value, the protection of data is an important task. Methods for handling ransom threats include the timely detection of the malicious application on the user device and its subsequent deactivation, which makes it possible to protect the data from unauthorized modification, as well as the regular creation of backup copies of data, which makes it possible to restore the data even in the event of an unauthorized modification.
Although the aforementioned methods are well suited for tracking file activity, storing backup copies of user data, and blocking the operation of malicious software, they are not able to protect valid user data from modification by malicious software. Either they are not able to effectively make a decision on backup copying of data (i.e., in sufficient time before the data modification has been initiated), or, in the case of a successful backup copying of data that can be modified, they are not able to assess the level of threat to this data from a modifying process. This, in turn, leads to a significant load on computer resources, including free hard disk space, processor time, and the like.